﻿using System;
using System.Configuration;
using System.Collections.Generic;
using System.Linq;
using System.Data;
using System.Data.Sql;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using System.Text;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Services;

namespace wdss.WebServices
{
    /// <summary>
    /// Summary description for ChangePasswordService
    /// </summary>
    [WebService(Namespace = "http://tempuri.org/")]
    [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
    //[ToolboxItem(false)]
    // To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line. 
    // [System.Web.Script.Services.ScriptService]
    public class ChangePasswordService : System.Web.Services.WebService
    {

        public ChangePasswordService()
        { }
        public bool ChangePassword(string username, string oldPass, string newPass, string confirmPass)
        {
            SQLInjectionDetectionService injection = new SQLInjectionDetectionService();
            DetectXSSAttemptService xss = new DetectXSSAttemptService();
            bool safeMode = false;
            if (injection.DetectSQL(oldPass))
            {
                return safeMode;
            };
            if (injection.DetectSQL(newPass))
            {
                return safeMode;
            }
            if (injection.DetectSQL(confirmPass))
            {
                return safeMode;
            }
            if (xss.IsXSSInjection(oldPass))
            {
                return safeMode;
            }
            if (xss.IsXSSInjection(newPass))
            {
                return safeMode;
            }
            if (xss.IsXSSInjection(confirmPass))
            {
                return safeMode;
            }
            xss.EncodeString(oldPass);
            xss.EncodeString(newPass);
            xss.EncodeString(confirmPass);
            if (oldPass == newPass)
                return safeMode;
            if (newPass != confirmPass)
                return safeMode;
            Regex passwordRegex = new Regex("^.*(?=.{7,100})(?=.*\\d)(?=.*[a-z])(?=.*[0-9])(?=.*[@#$\\(\\)\\*%^&+=]).*$");
            bool regexfiltered = followsRegex(passwordRegex, newPass);
            if (!regexfiltered)
            {
                return safeMode;
            }
            SqlConnection connect = new SqlConnection(ConfigurationManager.ConnectionStrings["aspnetdbConnectionString"].ConnectionString);
            SqlCommand command = new SqlCommand("sp_ChangePassword", connect);
            command.CommandType = System.Data.CommandType.StoredProcedure;
            command.Parameters.Add("@par_username", System.Data.SqlDbType.NChar).Value = username;
            command.Parameters.Add("@par_password", System.Data.SqlDbType.NChar).Value = newPass;
            try
            {
                connect.Open();
                command.ExecuteNonQuery();
                safeMode = true;
            }
            catch (InvalidOperationException)
            {
                return safeMode;
            }
            catch (SqlException)
            {
                return safeMode;
            }
            return safeMode;
        }
        public bool followsRegex(Regex filter, string input)
        {
            bool matches = false;
            try
            {
                matches = filter.IsMatch(input);
            }
            catch (ArgumentNullException)
            {
                return false;
            }
            return matches;
        }
    }
}
